OVAL

USN-826-1 -- mono vulnerabilities

ID: oval:org.secpod.oval:def:700468
Date: (C)2011-05-13   (M)2017-11-27
Class: PATCH
Family: unix




It was discovered that the XML HMAC signature system did not correctly check certain lengths. If an attacker sent a truncated HMAC, it could bypass authentication, leading to potential privilege escalation.

It was discovered that Mono did not properly escape certain attributes in the ASP.NET class libraries, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue only affected Ubuntu 8.04 LTS.

It was discovered that Mono did not properly filter CRLF injections in the query string. If a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, steal confidential data, or perform cross-site request forgeries. This issue only affected Ubuntu 8.04 LTS.

Platform:
Ubuntu 8.10
Ubuntu 8.04
Ubuntu 9.04
Product:
mono
Reference:
USN-826-1
CVE-2008-3422
CVE-2008-3906
CVE-2009-0217
CVE (3):
CVE-2008-3906
CVE-2008-3422
CVE-2009-0217
CPE (3):
cpe:/o:ubuntu:ubuntu_linux:8.04
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:9.04

© 2013 SecPod Technologies